Vulnerability Assessment Tools

NetSPI consultants dedicate time and resources to develop open-sourced tool sets that strengthen the infosec community.

Want to see more of our open source projects? Check out our GitHub repositories.

PowerUpSQL

PowerUpSQL supports SQL Server discovery, auditing for common weak configurations, and privilege escalation at scale for internal penetration testing and red team engagements.

Inveigh

Inveigh is a PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system.

Inveigh Zero

InveighZero is a C# LLMNR/mDNS/NBNS spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system.

MicroBurst

MicroBurst includes functions and scripts that support Azure Services discovery, weak configuration auditing, and post exploitation actions such as credential dumping.

NetSPI SQL Injection Wiki

Our wiki is a comprehensive knowledge base for SQL injection. You’ll find resources on identifying, exploiting, and escalating SQL injection vulnerabilities across database management systems.

PESecurity

PESECURITY is a PowerShell script that displays whether images (DLLs and EXEs) are compiled with ASLR, DEP, and SafeSEH.

Burp Extractor

Burp Extractor is a one-size-fits-all tool that uses regex for extracting data from HTTP responses – such as CSRF tokens, Auth Bearer tokens, timestamps, etc. – to be reused in HTTP requests sent through Burp.

JSON Beautifier

JSON Beautifier is a Burp Extension for beautifying JSON output, so it is easier to view and modify unparsed JSON strings.

BurpSuite: AWSSigner

AWSSigner looks for the “X-AMZ-Date” header in Burp requests. If it finds a request, it will update the signature in the request with your access key, secret key, region and service.

BurpSuite: WSDLR

Tokenvator

Tokenvator is a .NET tool used to elevate permissions on Windows. It works by impersonating or altering authentication tokens.

WheresMyImplant: A C# Bring-Your-Own-Land toolkit

WheresMyImplant is a tool to gain and maintain access to a target system. It can also be installed as a WMI provider for covert long-term persistence.

SQLC2

SQLC2 is a PowerShell script for deploying and managing a command and control system that uses SQL Server as both the control server and the agent.

goddi (Go Dump Domain Info)

GODDI dumps Active Directory domain users, groups, domain controllers, and related information into CSV output, in just a matter of seconds. It runs on both Windows and Linux.

JavaSerialKiller

WebLogicPasswordDecryptor

WebLogic Password Decryptor is a PowerShell and Java tool to decrypt WebLogic passwords and gain access to other systems and Oracle databases.

Invoke-ExternalDomainBruteForce

Invoke-ExternalDomainBruteForce is a bruteforce tool for automated password-guessing on managed and federated domains.

Get-AdDecodedPassword

Get-AdDecodedPassword uses the Active Directory PowerShell Module to query Active Directory and decode UnixUserPassword, UserPassword, unicodePwd, or msSFU30Password fields.

GET-MSSQLALLCredentials

GET-MSSQLALLCredentials is a PowerShell tool to identify all MSSQL instances on a server, determine the encryption algorithm and automate credential password decryption.

DAFT: Database Audit Framework & Toolkit

DAFT is a MSSQL database auditing and assessment tool written in C# that can identify non-default databases and database tables, search for sensitive data by keyword and execute SQL commands.

PowerSkype

PowerSkype is a PowerShell tool to attack federated Skype for Business instances that allows you to validate email addresses, get Skype availability, send phishing messages and more.

Invoke-TheHash

Invoke-TheHash is a PowerShell tool for performing pass-the-hash WMI and SMB tasks. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol.

TellMeYourSecrets

TellMeYourSecrets is a C# DLL to dump LSA secrets.

Powermad

Powermad is a collection of PowerShell MachineAccountQuota and DNS exploit tools to launch man-in-the-middle attacks.

